package com.shiro;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory; /**
* @since 0.9 RC2
*/
public class HelloShiro { private static final transient Logger log = LoggerFactory.getLogger(HelloShiro.class); public static void main(String[] args) { //创建一个最简单的方法与配置Shiro SecurityManager
//服务器、用户、角色和权限是使用简单的INI配置。
//我们会做,通过使用一个工厂能摄取。ini文件和
//返回一个SecurityManager实例: //使用shiro。ini文件在类路径的根
//(文件:和url前缀负载分别从文件和url):
//1根据配置文件获取一个shiro的的工厂类
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
//2在工厂类中获取shiro的安全管理器
SecurityManager securityManager = factory.getInstance();
//3把securityManager放入SecurityUtils中
SecurityUtils.setSecurityManager(securityManager);
//4使用SecurityUtils获取当前登录的用户
Subject currentUser = SecurityUtils.getSubject();
//5获取当前用户的会话状态 shiro内置的session
Session session = currentUser.getSession(); //可自行放入一些属性到session里,然后根据自己的业务逻辑进行处理
session.setAttribute("someKey", "aValue");
String value = (String) session.getAttribute("someKey");
if (value.equals("aValue")) {
log.info("Retrieved the correct value! [" + value + "]");
}
//6判断当前用户是否已验证身份
if (!currentUser.isAuthenticated()) {
System.out.println("当前用户没有登录---->");
//7模拟创建一个登录令牌
UsernamePasswordToken token = new UsernamePasswordToken("lonestarr", "vespa");
token.setRememberMe(true);
try {
//8进行登录操作
//登录流程
//currentUser.login(token);--->调用了securityManager.login(this, token)方法
//---securityManager的login方法首先调用AuthenticatingSecurityManager的authenticate(AuthenticationToken token)方法
//---然后AuthenticatingSecurityManager的authenticate方法调用了ModularRealmAuthenticator的doAuthenticate(AuthenticationToken authenticationToken)
//---然后ModularRealmAuthenticator的doAuthenticate方法获取配置文件的的realm,如果配置文件没有定义realm,则默认使用SimpleAccountRealm
//--,若配置文件配置了多个realm,则遍历这些realm,并一一调用realm里的getAuthenticationInfo方法来获取AuthenticationInfo(身份验证信息)验证当前登录用户
//---从以上流程说明,我们可以通过自定多个realm,然后覆盖getAuthenticationInfo方法,从而达到自定义验证身份的方法
currentUser.login(token);
//Principal因为是object类型,所以我们在实际业务中可以自己扩展这个类
System.out.println("用户已登录----> 用户名:"+currentUser.getPrincipal().toString());
} catch (UnknownAccountException uae) {
log.info("There is no user with username of " + token.getPrincipal());
} catch (IncorrectCredentialsException ice) {
log.info("Password for account " + token.getPrincipal() + " was incorrect!");
} catch (LockedAccountException lae) {
log.info("The account for username " + token.getPrincipal() + " is locked. " +
"Please contact your administrator to unlock it.");
}
catch (AuthenticationException ae) {
}
} //9判断当前登录用户的角色---
//从源代码可以看出,currentUser.hasRole("schwartz")---调用了securityManager.hasRole(getPrincipals(), roleIdentifier)的方法
//再然后调用了AuthorizingRealm的hasRole(PrincipalCollection principal, String roleIdentifier)方法,
//而AuthorizingRealm的hasRole方法会先使用getAvailableAuthorizationCache()在缓存里获取AuthorizationInfo,如果缓存里没有AuthorizationInfo
//则默认的子类SimpleAccountRealm里获取的doGetAuthorizationInfo的方法里AuthorizationInfo(授权信息),而子类SimpleAccountRealm会在 factory.getInstance();时就把用户和角色放入一个map中,
//也就是说我们可以通过自定义AuthorizingRealm然后覆盖doGetAuthorizationInfo方法来实现我们的自定义验证授权信息
if (currentUser.hasRole("schwartz")) {
log.info("May the Schwartz be with you!");
} else {
log.info("Hello, mere mortal.");
} //test a typed permission (not instance-level)
//10权限验证
//从源代码可以看出currentUser.isPermitted("lightsaber:weild")---调用了securityManager.isPermitted(getPrincipals(), permission),
//----然后调用了AuthorizingRealm的isPermitted(PrincipalCollection principals, String permission),该方法里获取默认的permissionResolver,就是权限字符的解析器
//---然后调用了AuthorizingRealm。getAuthorizationInfo(),首先在缓存里获取AuthorizationInfo,如果没有,再从子类的SimpleAccountRealm的 doGetAuthorizationInfo去获取AuthorizationInfo
//----也就是说,我们可以通过AuthorizingRealm类,然后实现doGetAuthenticationInfo方法,从而实现自己业务逻辑的权限验证
if (currentUser.isPermitted("lightsaber:weild")) {
log.info("You may use a lightsaber ring. Use it wisely.");
} else {
log.info("Sorry, lightsaber rings are for schwartz masters only.");
} //a (very powerful) Instance Level permission:
if (currentUser.isPermitted("winnebago:drive:eagle5")) {
log.info("You are permitted to 'drive' the winnebago with license plate (id) 'eagle5'. " +
"Here are the keys - have fun!");
} else {
log.info("Sorry, you aren't allowed to drive the 'eagle5' winnebago!");
} //all done - log out!
currentUser.logout();
System.exit(0);
}
}